oss-fuzz/docs/faq.md

33 lines
1.6 KiB
Markdown
Raw Normal View History

2016-10-24 20:42:53 +00:00
# Frequently Asked Questions
2016-11-29 19:41:37 +00:00
## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects?
2016-10-24 20:42:53 +00:00
Security access control is important for the kind of issues that OSS-Fuzz detects.
2016-11-19 00:55:22 +00:00
We will reconsider github issue tracker once the
[access control feature](https://github.com/isaacs/github/issues/37) is available.
2016-10-25 21:40:30 +00:00
2016-12-02 22:53:14 +00:00
## Why we require an e-mail associated with a Google account?
The [issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) uses Google accounts for authentication.
Note that any e-mail address [can be associated](https://support.google.com/accounts/answer/176347?hl=en)
with a Google account.
2016-10-25 21:40:30 +00:00
## Why do you use Docker?
2016-11-29 19:41:37 +00:00
Building fuzzers requires building your project with a fresh Clang compiler and special compiler flags.
2016-10-25 21:40:30 +00:00
An easy-to-use Docker image is provided to simplify toolchain distribution. This also limits our exposure
2016-11-23 16:31:47 +00:00
to a multitude of Linux varieties and provides a reproducible and secure environment for fuzzer
2016-10-25 21:40:30 +00:00
building and execution.
2016-12-09 18:48:45 +00:00
## What kind of projects are you accepting?
2016-12-13 22:35:54 +00:00
We are currently in a beta status, and still working out issues in our service. At this point, we
2016-12-09 18:48:45 +00:00
can only commit to supporting established projects that have a critical impact on infrastructure and
user security. We will consider each request on a case-by-case basis, but some things we keep in mind are:
2016-12-13 22:35:54 +00:00
- Exposure to remote attacks (e.g. libraries that are used to process untrusted input)
2016-12-09 18:48:45 +00:00
- Number of users/other projects depending on this project.
We hope to relax this requirement in the future though, so keep an eye out even if we are not able
to accept your project at this time!